bandook | 1eae4130dd53ff1b2040e873a91240e882f5b8876504190d5120a7c7cbbb4d69 | Triage

Submit
Reports

Overview

overview

Static

static

1

Comprobant...ar.exe

windows7-x64

Comprobant...ar.exe

windows10-2004-x64

Sharing

General

Target

Comprobante_Popular.exe
Size

4.5MB
Sample

230209-ytdzksbb66
MD5

e2e9fec586f58fe3c395c3c0db09fba9
SHA1

a06bc8ed34fd344332bd36e65bcbb27e67d37052
SHA256

1eae4130dd53ff1b2040e873a91240e882f5b8876504190d5120a7c7cbbb4d69
SHA512

12757e07fe1ebdfba9658d4770da0a38e82547f41401255654673fa8c46eeae7d6db003de59f02ade64bd5e18ff668f5b09c7180a31190a1077a7509830570fe
SSDEEP

49152:m/i9YtvM6deC6gnFds40GdV0sZLigNwKRIq3mjp41ckR62aAo98xAcTnUkcNVuVN:m/iwZ6gn1A

Score

10^/10

bandook rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Comprobante_Popular.exe

Resource

win7-20220812-en

bandook rat trojan upx

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

Comprobante_Popular.exe

Resource

win10v2004-20220812-en

bandook rat trojan upx

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

bandook

C2

bomes.ru

Targets

- Target
  
  Comprobante_Popular.exe
- Size
  
  4.5MB
- MD5
  
  e2e9fec586f58fe3c395c3c0db09fba9
- SHA1
  
  a06bc8ed34fd344332bd36e65bcbb27e67d37052
- SHA256
  
  1eae4130dd53ff1b2040e873a91240e882f5b8876504190d5120a7c7cbbb4d69
- SHA512
  
  12757e07fe1ebdfba9658d4770da0a38e82547f41401255654673fa8c46eeae7d6db003de59f02ade64bd5e18ff668f5b09c7180a31190a1077a7509830570fe
- SSDEEP
  
  49152:m/i9YtvM6deC6gnFds40GdV0sZLigNwKRIq3mjp41ckR62aAo98xAcTnUkcNVuVN:m/iwZ6gn1A
Score

10^/10

bandook rat trojan upx
- Bandook RAT
  Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
  rat trojan bandook
- Bandook payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bandookrattrojanupx

behavioral2

bandookrattrojanupx

© 2018-2024

Terms | Privacy